
Dompdf Dompdf vulnerabilities

4 known vulnerabilities affecting dompdf/dompdf_dompdf.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 2

Vulnerabilities

CVE-2021-3838
  Priority: P2 | Severity: CRITICAL | CVSS: 9.8 | CWE-502 | Affected: ≥ unspecified, < 2.0.0 | Date: 2024-11-15
  DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remot
  Source: nvd

CVE-2021-3902
  Priority: P3 | Severity: CRITICAL | CVSS: 9.8 | CWE-611 | Affected: ≥ unspecified, < 2.0.0 | Date: 2024-11-15
  An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose
  Source: nvd

CVE-2022-2400
  Priority: P4 | Severity: MEDIUM | CVSS: 5.3 | CWE-73 | Affected: ≥ unspecified, < 2.0.0 | Date: 2022-07-18
  External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.
  Source: nvd

CVE-2022-0085
  Priority: P4 | Severity: MEDIUM | CVSS: 5.3 | CWE-918 | Affected: ≥ unspecified, < 2.0.0 | Date: 2022-06-28
  Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
  Source: nvd